A person carrying protecting gear checks his cell phone at a subway station, after the lockdown positioned to curb the coronavirus illness (COVID-19) outbreak was lifted in Shanghai, China June 2, 2022. REUTERS/Aly Track

BEIJING, Aug 12 (Reuters) – A hacker has claimed to have obtained the private info of 48.5 million users of a COVID well being code cellular app run by the town of Shanghai, the second declare of a breach of the Chinese language monetary hub’s data in simply over a month.

The hacker with the username as “XJP” posted a proposal to sell the data for $4,000 on the hacker discussion board Breach Boards on Wednesday.

The hacker offered a pattern of the data together with the telephone numbers, names and Chinese language identification numbers and well being code standing of 47 individuals.

Eleven of the 47 reached by Reuters confirmed that they have been listed within the pattern, although two mentioned their identification numbers have been incorrect.

“This DB (database) accommodates everybody who lives in or visited Shanghai since Suishenma’s adoption,” XJP mentioned within the put up, which initially requested for $4,850 earlier than reducing the worth later within the day.

Suishenma is the Chinese language identify for Shanghai’s well being code system, which the town of 25 million individuals, like many throughout China, established in early 2020 to fight the unfold of COVID-19. All residents and guests have to use it.

The app collects journey data to give individuals a pink, yellow or inexperienced score indicating the probability of having the virus and users have to present the code to enter public venues.

The data is managed by the town authorities and users entry Suishenma by way of the Alipay app, owned by fintech big and Alibaba (9988.HK) affiliate Ant Group, and Tencent Holdings’ (0700.HK) WeChat app.

XJP, the Shanghai authorities, Ant and Tencent didn’t instantly reply to requests for remark.

The purported Suishenma breach comes after a hacker early final month mentioned they’d procured 23 terabytes of private info belonging to one billion Chinese language residents from the Shanghai police.

That hacker additionally provided to sell the data on Breach Boards. learn extra

The Wall Avenue Journal, citing cyber safety researchers, mentioned the primary hacker had been in a position to steal the data from the police as a dashboard for managing a police database had been left open on the general public web with out password safety for greater than a 12 months. learn extra

The newspaper mentioned data was hosted on Alibaba’s cloud platform and Shanghai authorities had summoned firm executives over the matter.

Neither the Shanghai authorities, nor police nor Alibaba have commented on the police database matter.

Reporting by Eduardo Baptista and the Shanghai newsroom; Writing by Brenda Goh; Enhancing by Robert Birsel

Our Requirements: The Thomson Reuters Belief Ideas.